The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu_page' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create menu sections, menus, food items, and new menu pages.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-05T12:45:38.670Z

Updated: 2024-08-01T21:11:12.771Z

Reserved: 2024-05-29T00:45:06.067Z

Link: CVE-2024-5459

cve-icon Vulnrichment

Updated: 2024-08-01T21:11:12.771Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-05T13:15:13.437

Modified: 2024-06-13T19:35:55.083

Link: CVE-2024-5459

cve-icon Redhat

No data.